vulnerability

(get it in RSS or Atom)

Patch Tuesday for May 2014 - 8 bulletins, 2 critical, 0/zero/zilch/zip for XP

pt-may-2014-250

A quick note to remind you that tomorrow is Patch Tuesday.

The scorecard is "2 from 8", with eight security bulletins due, two of which are rated "Critical."

XP? Not a sausage...

Is Apple finally getting real about security? 60 Sec Security [VIDEO]

2014-05-10-thumb-0250

Where does the data breach buck stop? Why do they call them "secret" links? And is Apple finally getting real about security?

Find out in "60 Second Security" for 10 May 2014

Monday review - the hot 17 stories of the week

dow-250

Catch up with everything we've written in the last seven days - it's weekly roundup time.

Microsoft and Adobe have 0-days, AOL breached, and we win an award! 60 Sec Security [VIDEO]

2014-03-05-thumb-0250

Are two zero-days better than one? What happened to AOL's user database? And is that another award that Naked Security just won?

Find out in 60 Sec Security for 03 May 2014...

That was quick! Microsoft patches the "1776" hole in Internet Explorer

1776-250

The Internet Explorer zero-day bug that made the headlines a few days ago went by the nerdy name of CVE-2014-1776.

The good news? No need to wait until next Patch Tuesday for a fix - Microsoft has issued one already.

Firefox 29 is out - it's more secure, but does it *look* better, too?

ff-250

Firefox 29 is out, in accordance with Mozilla's regular Tuesday-based 42 day update cycle.

There are numerous security fixes combined with some rather in-your-face visual changes...

Not to be outdone by Microsoft, Adobe announces zero-day exploit patch for Flash

flash-250

Hot on the heels of Microsoft's IE zero-day announcement comes an Adobe bulletin about a zero-day in Flash.

(No, they're *not* related, even though the current IE exploits use a Flash file to kick things off.)

Microsoft acknowledges "in the wild" Internet Explorer zero-day

ie-11-250

Microsoft has published a security advisory of the heart-dropping sort.

An "in the wild" exploit has been spotted that can cause RCE, or remote code execution, in Internet Explorer.

Paul Ducklin gives some tips for mitigating the risk...

Apple pushes out critical security fixes for OS X, iOS and Apple TV

apple-upd-250

You still can't tell when you're going to get your next update from Apple, but serious security fixes do seem to be coming more frequently these days.

Like the latest round of patches, closing a raft of hackable holes in OS X, iOS and Apple TV...

No Heartbleed holes in Java, but here comes a sea of patches anyway

hb-no-250

Oracle's quarterly Patch Tuesday updates are out.

Java gets 37 fixes, 35 of them what Oracle calls "Remote Exploit without Authentication".

The silver lining? No Heartbleed bug in Java Standard Edition...

Patch Tuesday for April 2014 - it's Goodbye, Farewell and Amen for Windows XP

pt-2014-04-250

The date's been in our diaries since 2007.

But even with seven years to prepare for it, you'll be forgiven for approaching the April 2014 Patch Tuesday with a bit of a lump in your throat.

Adieu, XP.

Apple patch out, Fake support bust, Liquor store leak - 60 Sec Security [VIDEO]

2014-04-05-justice-250

How long did Apple leave holes in Safari? What punishment can a convicted support call scammer expect? And what happens when a liquor store springs a leak?

Find out in 60 Second Security. the security news video that only takes a minute...

Apple updates OS X Safari - patches a year's worth of holes, but not on Snow Leopard

safari-250

In all the excitement over the End of Windows XP and next Tuesday's Ultimate Update...

...we sort of forgot to write about Apple.

Here's the scoop on the lates OS X Safari browser update, patching 27 vulnerabilities.

SSCC 141 - Adobe revisited, MS-DOS, Word, XP, Snapchat and backup [PODCAST]

sscc-141-thumb-250

Chet and Duck get together once again to look at the week's news with their usual blend of humor, insight and informed intensity....

Take a listen to the latest episode of our weekly quarter-hour podcast!

Microsoft issues alert for Word zero-day - booby-trapped RTF files already used in attacks

wordhazard-250

Booby-trapped RTF files have been found in the wild, exploiting a zero-day hole in Microsoft Word.

Microsoft has issued an alert.

Paul Ducklin gives you four tips for long-term safety against this sort of attack...

Firefox 28.0 takes on the PWN2OWN attacks already

ff-held-250

Firefox 28.0 was released on 18 March 2014, just five days after four exploitable bugs in the browser were disclosed at the PWN2OWN competition.

Paul Ducklin looks at what was fixed...

Microsoft Patch Tuesday - 5 bulletins, 2 critical, 1 for Mac users!

Microsoft's Patch Tuesday for March 2014, the second-to-last scheduled patch that Windows XP users are ever going to see, will fix critical holes in all versions of Windows.

OK, not quite all: Server Core installations will receive updates, but not critical ones.

SSCC 136 - Apple's "goto fail", Neiman Marcus's logfiles, and Adobe's double update [PODCAST]

sscc136-thumb-250

Chester ducks out of booth duties at the RSA 2014 conference in San Francisco to bring you this week's Chet Chat.

From Apple's SSL bug to Adobe's second-in-a-month emergency Flash update, Chet and Duck once again help you to learn from others' mistakes.

Flash patched, Forbes hacked and Korea reacts - 60 Sec Security [VIDEO]

2014-02-22-changeme-250

Another Flash emergency already? More SEA hacking? Why have the password "changeme" if you don't? How big a fine for a 20,000,000 record breach?

It'll only take you a minute to find out!

Adobe pushes out critical Flash update - the second zero-day hole of the month

adobe-flash-patch-thumb

Adobe has just updated its Flash product for the second time this month, pushing out an emergency patch for an attack that has been seen in the wild.